Which versions of Tenda are affected by CVE-2026-4535?

A critical vulnerability in Tenda FH451 routers allows authenticated attackers to execute arbitrary code, with a public exploit already available.

Is there a public PoC exploit available for CVE-2026-4535?

Yes, a public proof-of-concept exploit is available for CVE-2026-4535. Prioritise patching immediately. EPSS: 0.0%.

Tenda CVE-2026-4535

Q: What is the CVSS score of CVE-2026-4535?

CVE-2026-4535 has a CVSS 4.0 base score of 7.4 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-14279 HIGH

Stack-based Buffer Overflow (CWE-121)

2026-03-22 VulDB

GHSA-cqhc-m7m4-j634

Buffer Overflow Stack Overflow Tenda

7.4

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

Apr 03, 2026 - 17:22 vuln.today

Public exploit code

EUVD ID Assigned

Mar 22, 2026 - 04:30 euvd

EUVD-2026-14279

Analysis Generated

Mar 22, 2026 - 04:30 vuln.today

CVE Published

Mar 22, 2026 - 03:32 nvd

HIGH 7.4

DescriptionNVD

A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AnalysisAI

Stack-based buffer overflow in Tenda FH451 1.0.0.9 allows authenticated remote attackers to achieve complete system compromise through crafted input to the WrlclientSet endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. …

RemediationAI

Within 24 hours: Identify and inventory all Tenda FH451 devices in production and assess network criticality. Within 7 days: Implement network segmentation to isolate affected devices, restrict administrative access to trusted networks only, and monitor for exploitation attempts. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-4535 vulnerability details – vuln.today

Back

Tenda CVE-2026-4535

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

Tenda CVE-2026-4535

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code